/*
XPTracker - Alternative Agile Tracking Tool
Copyright (C) 2006-2009  Stephen Starkey

This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA
*/
package net.sourceforge.stripes.security.action;

import java.lang.annotation.*;

/**
 * Annotation used to secure ActionBean classes and methods with roles within the web appliction. If
 * the
 *
 * @author Nic Holbrook
 * @Secure annotation is used, the default behavior is to deny access even if no roles are
 * specified. If roles are specified, they are processed in the order of notAllowed,
 * requiresAll, and then requiresAny. Any combination of these may be set. You must create a
 * class that implements StripesSecurityManager and set this as your security manager in the
 * web.xml config as shown below.
 * <p/>
 * <servlet> <servlet-name>StripesDispatcher</servlet-name>
 * <servlet-class>net.sourceforge.stripes.security.controller.DispatcherServlet</servlet-class> <init-param>
 * <param-name>XpSecurityManager</param-name>
 * <param-value>net.sourceforge.stripes.security.MyContainerSecurityManager</param-value>
 * </init-param> <load-on-startup>1</load-on-startup> </servlet>
 * <p/>
 * You can then add the
 * @Secure annotation to any of your action class or method declarations like so.
 * @Secure( roles="MANAGE_USERS, MANAGE_CUSTOMERS" )
 */
@Retention(RetentionPolicy.RUNTIME)
@Target({ElementType.METHOD, ElementType.TYPE})
@Documented
public @interface Secure {
  String roles();
}
